Android: Google closes some critical vulnerabilities on July Patchday
Google has released updates for Android 12, 12L, 13 and 14 as part of the July Patchday. They close privilege escalation vulnerabilities.
![Stylized image: Smartphone with Android robot on the screen, on fire](https://heise.cloudimg.io/width/610/q85.png-lossy-85.webp-lossy-85.foil1/_www-heise-de_/imgs/18/4/6/2/6/3/7/5/2024-05-07-BingCreator-Android_Sicherheitsluecke-2-2160px-82bcd755301c9f32.png)
Security vulnerabilities threaten Android smartphones.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Google has released the July Patchday updates for the Android smartphone and tablet operating system. In all currently supported Android versions, namely 12, 12L, 13 and 14, there are some high-risk vulnerabilities, some of which are even classified as critical.
According to the description, all vulnerabilities in the Android components allow attackers to extend their local rights. The vulnerabilities affect the framework and system components. There are four vulnerabilities in the framework, one of which only affects Android 12 and 12L, but is classified as a critical risk. The remaining gaps have a threat level of "high", as do the four gaps in the system. These are patched by patch level 01.07.2024. There are also two vulnerabilities that are closed with Google Play system updates.
Further vulnerabilities
For devices that the manufacturers bring to patch level 05.07.2024, there are security fixes in the kernel for a high-risk vulnerability. They also close two high-risk gaps within ARM processors, five in the software for the PowerVR GPU from Imagine Technologies, two in frequently used Mediatek chips and four more in Qualcomm components. In addition, there are updates to Qualcomm closed-source software that seal one critical and four high-risk vulnerabilities.
As always, smartphone owners will have to be patient until the Android updates materialize as firmware updates for their device. Even for Google's own Pixel smartphones, the July update is still pending at the time of reporting. However, updated firmware packages should be distributed promptly for devices that are still receiving support from the manufacturer.
On the June patch day, Google also closed vulnerabilities in the supported Android 12, 12L, 13 and 14 operating systems, many of which were classified as high risk.
(dmk)